top of page

Privacy policy

This privacy notice explains why Mr Adam Topping and APT Aesthetics Ltd collect information about you, how we keep it safe and confidential and how that information may be used. APT Aesthetics Ltd is registered in England & Wales (Company no: 7654022) The registered address is below. The company is Information Commissioner’s Office (ICO) registered.


Why we collect information about you


Healthcare professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS or private organisation. These records help to provide you with the best possible healthcare.


We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and information such as photographic images.

Details we collect about you


The health care professionals who provide you with care maintain records about your health and any treatment or care you have received previously or elsewhere in the NHS or private sector. These records help to provide you with the best possible healthcare.


Records which we may hold about you may include the following:

  • Details about you, such as your address and next of kin, emergency contacts

  • Your home telephone number, mobile phone number, email address

  • Any contact the team has had with you, such as appointments, clinic visits, emergency appointments, etc.

  • Notes and reports about your health, treatment and care

  • Results of investigations, such as laboratory tests, x-rays, etc.

  • Relevant information from other health professionals, relatives or those who care for you

  • Photographic images relating to your surgery

  • Accounting information, such as invoices and receipts

How we keep your information confidential and safe


Your health records are kept in both paper form and electronically. Most Private Hospitals keep and store your paper health records securely. Each private hospital will have its own privacy notice which will include how they store your health records.


Some private hospitals do not store paper health records. These will be transported by Mr Topping securely to and from your appointments with him. 


The electronic storage of your health records held by Mr Topping (APT Aesthetics Ltd) is in a

Database, MidexPro, which is hosted by Avebury Computing Ltd. The information is stored on their secure servers and access restricted to authorized personnel. Their security policy is ISO27001 compliant.


We will only email you, or use your mobile phone number to text you, regarding matters of medical care, such as appointment times and reminders.


We maintain our duty of confidentiality to you always. We will only ever use or pass on your information about you if others involved in your care have a genuine need for it.


We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. a life or death situation) or where the law requires information to be passed on.


How we use information about you


Confidential patient data will be shared within the healthcare teams and hospitals caring for you, including the business office teams (to gain quotes for procedures), nursing staff, admin staff, secretaries and receptionists, theatre staff and anaesthetic teams, as well as with other health professionals to whom a patient is referred and their general practitioner.


Data Processors

  • MidexPro stores electronic patient records securely, as above. Access to the data uploaded to and held on MidexPro requires access by two passwords. One of which is changed at regular intervals.

  • We will email you via the company email address ‘’. The email provider is Microsoft. Email access is password protected on computers and mobile devices.

  • In addition, to communicate confidential information relating to you care between Mr Topping’s team and the private hospitals or anaesthetists we use Egress or CISCO which are two secure email providers. Egress Software Technologies provides industry and government certified encryption services to permit the sharing of sensitive information.CISCO Systems provides an alternative encryption service for the secure transfer of data.

  • Occasionally we may use a call answering service. The provider of this service will ensure that they are GDPR compliant.


Referrals for specific health care purposes


We have to provide information to other organisations in order for them to provide you with medical services. You will be informed of such a referral and you have the right not to be referred this way.


These include:

  • Private Hospital Business Office teams – to gain quotes for procedures

  • Anaesthetists and secretaries to groups of anaesthetists – for support of your surgical procedure 

  • Nursing staff in Private Hospitals – for pre-operative and post-operative care and advice

  • Private Insurance Companies – to provide information so a procedure can be pre-authorised and to confirm what is covered by pre-authorisation code

  • NHS practitioners – should care need to be transferred from the private sector to the NHS

  • General Practitioner

  • Private Specialist Consultants – for the delivery of additional care and advice or second opinions.


Data Sharing Schemes


There are a number of data sharing schemes in which Mr Topping (APT Aesthetics Ltd) has to participate. The data provided to these schemes is anonymized, i.e. you, as an individual, are not identifiable.


  • BAAPS (British Association of Aesthetic Plastic Surgeons) national audit

  • PHIN (Private Healthcare Information Network)

  • MidexPro permits the sharing of anonymised data for accounting purposes


Mandatory disclosures of information


We are sometimes legally obliged to disclose information about our patients to relevant authorities. In these circumstances, the minimum identifiable information that is essential to serve the legal purpose will be disclosed.


That organisation will also have a professional and contractual duty of confidentiality. Data will be anonymized if possible before disclosure if this would serve the purpose for which the data is required.

  • DVLA

  • HMRC

  • Police

  • The Courts

  • The Health Service Ombudsman

  • GMC


Permissive disclosure of information


Only with your explicit consent, can Mr Topping (APT Aesthetics Ltd) release information about you, from your healthcare record, to relevant organisations. These may include:

  • Your general practitioner

  • Insurance companies

  • Solicitors

  • Local authorities

  • Police

  • MyBreastTM (for past patients)

  • Suppliers – post-operative support garments (if requested for direct patient delivery)

Accessing your information on other databases


Mr Topping (APT Aesthetics Ltd) cannot access certain medical information about you, when relevant or not, that is held on other databases (i.e under the control of another data controller). Examples of these are NHS databases or those held by your general practitioner.




Mr Topping (APT Aesthetics Ltd) does not participate in accredited research projects. He will, from time to time, undertake internal practice reviews to improve quality of care and patient experience.

Your right to opt out of sharing of your information


You have the right to opt-out (or object) to ways in which your information is shared, both for healthcare purposes (such as not wishing to have letters sent to your general practitioner), i.e. primary uses of your information, or for purposes other than your direct medical care – so called secondary uses.


Accessing your own medical information


You have the right to access your own healthcare record held by Mr Topping (APT Aesthetics Ltd). However, in the majority of cases, your healthcare record will be held and stored by the Private Hospital where you chose to have your procedure performed. Each hospital will have specific guidelines for you to access your health record via them.




The Data Protection Act 1998 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process and store sensitive information.

APT Aesthetics Ltd is registered as a data controller and the registration can be viewed online in the public register at:




If you have concerns or are unhappy about any of our services, please contact via email:



For independent advice on data protection, privacy, and data sharing issues, you can contact:


The Information Commissioner

Wycliffe House

Water Lane


Cheshire. SK9 5AF

Tel: 08456 30 60 60


bottom of page